Diffusion Phabricator df361470c1d9

Be more strict about "Location:" redirects
df361470c1d9
Actions

Tags

Referenced Files

None

Subscribers

None

Description

Be more strict about "Location:" redirects

Summary:
Via HackerOne. Chrome (at least) interprets backslashes like forward slashes, so a redirect to "/\evil.com" is the same as a redirect to "//evil.com".

Reject local URIs with backslashes (we never generate these).
Fully-qualify all "Location:" redirects.
Require external redirects to be marked explicitly.

Test Plan:

Expanded existing test coverage.
Verified that neither Diffusion nor Phriction can generate URIs with backslashes (they are escaped in Diffusion, and removed by slugging in Phriction).
Logged in with Facebook (OAuth2 submits a form to the external site, and isn't affected) and Twitter (OAuth1 redirects, and is affected).
Went through some local redirects (login, save-an-object).
Verified file still work.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10291

Details

Provenance

epriestley	Authored on
epriestley	Pushed on Aug 18 2014, 9:11 PM

Reviewer

Differential Revision

D10291: Be more strict about "Location:" redirects

Parents

rPfe042def42b0: Add a Javascript method to find the pixel position of a range in a textarea

Branches

Unknown

Tags

Unknown

Event Timeline

pran1hiva added a task: T5894: Thumbnails of uploaded files broken when not logged in.Aug 19 2014, 6:22 AM

pran1hiva removed a task: T5894: Thumbnails of uploaded files broken when not logged in.

• vinesh1989 added a task: T5907: aaa"><B>A</b>.Aug 19 2014, 3:09 PM

epriestley removed a task: T5907: aaa"><B>A</b>.Aug 19 2014, 3:40 PM

Changes (11)

Path

Size

src/

__phutil_library_map__.php

aphront/

response/

AphrontRedirectResponse.php

AphrontRedirectResponseTestCase.php

applications/

auth/

provider/

PhabricatorOAuth1AuthProvider.php

files/

controller/

PhabricatorFileDataController.php

phortune/

provider/

PhortunePaypalPaymentProvider.php

PhortuneWePayPaymentProvider.php

infrastructure/

env/

PhabricatorEnv.php

__tests__/

PhabricatorEnvTestCase.php

testing/

PhabricatorTestCase.php

rPdf361470c1d9

src/__phutil_library_map__.php

Loading...

src/aphront/response/AphrontRedirectResponse.php

Loading...

src/aphront/response/tests/AphrontRedirectResponseTestCase.php

Loading...

src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php

Loading...

src/applications/files/controller/PhabricatorFileDataController.php

Loading...

src/applications/phortune/provider/PhortunePaypalPaymentProvider.php

Loading...

src/applications/phortune/provider/PhortuneWePayPaymentProvider.php

Loading...

src/infrastructure/env/PhabricatorEnv.php

Loading...

src/infrastructure/env/tests/PhabricatorEnvTestCase.php

Loading...

src/infrastructure/testing/PhabricatorTestCase.php

Loading...